HP FlexNetwork MSR Series Configuration Manuals page 24

Comware 7 acl and qos

Hide thumbs Also See for FlexNetwork MSR Series:

Configuration manual (392 pages)

Command reference manual (1005 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

page of 159

/ 159
Contents
Table of Contents
Bookmarks

Table of Contents

[Device] acl advanced 3001

[Device-acl-ipv4-adv-3001] rule permit ip source 192.168.2.0 0.0.0.255 destination

192.168.0.100 0 time-range work

[Device-acl-ipv4-adv-3001] quit

# Configure ACL 3002 to deny access from any other department to the financial database server.

[Device] acl advanced 3002

[Device-acl-ipv4-adv-3002] rule deny ip source any destination 192.168.0.100 0

[Device-acl-ipv4-adv-3002] quit

# Create a zone pair with the source security zone President and destination security zone Server.

Apply ACL 3000 to the zone pair for packet filtering.

[Device] zone-pair security source president destination server

[Device-zone-pair-security-President-Server] packet-filter 3000

[Device-zone-pair-security-President-Server] quit

# Create a zone pair with the source security zone Finance and destination security zone Server.

Apply ACL 3001 to the zone pair for packet filtering.

[Device] zone-pair security source finance destination server

[Device-zone-pair-security-Finance-Server] packet-filter 3001

[Device-zone-pair-security-President-Server] quit

# Create a zone pair with the source security zone Market and destination security zone Server.

Apply ACL 3002 to the zone pair for packet filtering.

[Device] zone-pair security source market destination server

[Device-zone-pair-security-Market-Server] packet-filter 3002

[Device-zone-pair-security-Market-Server] quit

Verifying the configuration

# Verify that a PC in the Financial department can ping the database server during working hours.

(All PCs in this example use Windows XP).

C:\> ping 192.168.0.100

Pinging 192.168.0.100 with 32 bytes of data:

Reply from 192.168.0.100: bytes=32 time=1ms TTL=255

Reply from 192.168.0.100: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.0.100:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 1ms, Average = 0ms

# Verify that a PC in the Marketing department cannot ping the database server during working

hours.

C:\> ping 192.168.0.100

Pinging 192.168.0.100 with 32 bytes of data:

Request timed out.

Table of Contents

HP FlexNetwork MSR Series Configuration Manuals page 24

Related Manuals for HP FlexNetwork MSR Series

Related Products for HP FlexNetwork MSR Series

Table of Contents